From 5e37cf9b6a1f1bdd41b73bf91e1bdcc95bc7bc51 Mon Sep 17 00:00:00 2001
From: Dag Heyman Kajevic <dag.heymankajevic@tink.com>
Date: Fri, 28 Oct 2022 15:08:24 +0200
Subject: [PATCH] make protobuf dependency include version 3.20.3

This will allow using a version of protobuf that is not vulnerable to CVE-2022-1941.

See https://nvd.nist.gov/vuln/detail/CVE-2022-1941 for reference.
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index b28fadd9..c7583d65 100644
--- a/setup.py
+++ b/setup.py
@@ -139,7 +139,7 @@
     ],
     ext_modules=EXTENSIONS,
     cmdclass=COMMAND_CLASSES,
-    install_requires=["protobuf>=3.11.0,<=3.20.1"],
+    install_requires=["protobuf>=3.11.0,<=3.20.3"],
     extras_require={
         "dns-srv": ["dnspython>=1.16.0,<=2.1.0"],
         "compression": ["lz4>=2.1.6,<=3.1.3", "zstandard>=0.12.0,<=0.15.2"],